Best Practices for Conducting Public Financial Audits

Author: Esnart Namukoko CFE AZICA MBA, Auditor at Office of the Auditor General, Zambia

Effective public financial audits are vital tools in promoting transparency, accountability, and good governance in the public sector. Supreme Audit Institutions (SAIs) play a key role in evaluating how public funds are managed and ensuring that public officials act in accordance with laws, policies, and ethical standards. This article outlines best practices for conducting public financial audits, grounded in the International Standards of Supreme Audit Institutions (ISSAIs).

1. Planning and Risk Assessment  

Audit planning forms the backbone of any successful public financial audit, just like any other audit. Auditors must begin by understanding the audited entity’s operations, environment, and internal control systems, then carry out a risk assessment and then design audit procedures to answer the question “Are the financial statements free from material misstatement, whether due to fraud or error?”

An auditor should understand the ISSAI guidance in carrying out every stage of an audit, including:

1. ISSAI 1310 Identifying and Assessing the Risks of Material Misstatement (ISA 315). Auditors can only identify and assess risks if they understand the environment they are auditing. It is important for an auditor to understand the environment of their auditee. This understanding helps auditors design appropriate audit procedures to mitigate risks and ensure the reliability of financial reporting. 
2. ISSAI 100 Fundamental Principles of Public-Sector Auditing. This ISSAI underscores the importance of risk-based approaches in public auditing.
3. ISSAI 2315 Identifying and Assessing Risks through Understanding the Entity and Its Environment

Failing to conduct proper planning and risk assessment in an audit can lead to several serious consequences that compromise audit quality and the credibility of findings. Key dangers include: 

• Incomplete Audit Coverage
• Inefficient Use of Resources
• Failure to Detect Material Misstatements
• Non-Compliance with Standards
• Weak Stakeholder Confidence, and
• Higher Likelihood of Audit Failures

Poorly planned audits increase the risk of errors in procedures, documentation, and reporting, potentially exposing the auditor and the SAI to reputational or legal risk.

Planning and risk assessment are the foundation of a high-quality, credible, and efficient audit. Skipping or minimizing this step exposes both the auditor and the audited entity to avoidable risks.

2. Gathering Audit Evidence and Documentation 

High-quality audits depend on sufficient and appropriate audit evidence. In line with ISSAI 1500 Audit Evidence¹ and ISSAI 2300 Audit Documentation, auditors should employ a variety of techniques, including analytical procedures, document reviews, and interviews, to collect credible information. Proper documentation ensures audit trail integrity and supports audit conclusions. Borrowing from the Association of Certified Fraud Examiners (ACFE) principle concerning chain of custody, auditors should handle all evidence with the same level of care as if it were to be presented in court. This means maintaining a clear, documented trail of how evidence is collected, stored, and transferred to preserve its integrity and admissibility. Treating audit evidence as potentially forensic enhances its credibility and reinforces the audit’s objectivity. The key words for gathering audit evidence and documentation are sufficiency and appropriateness.

3. Reporting Findings and Recommendations 

An audit’s impact is significantly shaped by how findings are communicated. ISSAI 1700 Forming an Opinion and Reporting on Financial Statements² highlights the importance of timely, clear, and objective reporting. Audit reports should not only highlight irregularities, but also provide actionable recommendations that management can implement. An audit’s value addition is reliant on the ability to present recommendations to change the situation and close control gaps.

4. Follow-Up Mechanisms 

A robust follow-up process ensures that corrective actions are taken on audit findings. ISSAI 3000 Performance Auditing Standards encourages auditors to assess the implementation of recommendations as part of the audit cycle. Additionally, ISSAI 140 Quality Control for SAIs emphasizes maintaining audit quality through systematic follow-up reviews.

5. Upholding Ethical Standards and Independence 

Maintaining the integrity and independence of the audit process is important. ISSAI 30 Code of Ethics³ and ISSAI 10 Mexico Declaration on SAI Independence points to the need for auditors to be free from undue influence and to conduct their work with integrity, objectivity, and professionalism.

6. Conclusion

By adhering to these best practices and aligning with the ISSAI framework, public auditors can enhance the credibility, effectiveness, and impact of their work. In doing so, they strengthen public trust and contribute meaningfully to the sound governance of public resources.

The key to effective audit is credibility. When audits are conducted with integrity and professionalism, they foster trust in both the auditor and the SAI they represent. This trust, in turn, enhances the perceived value of the audit and strengthens public confidence in oversight mechanisms.

Footnotes

1. 
   ISSAI 1200-1810 Financial Audit Practice Note was withdrawn from the INTOSAI framework. The Practice Note provides supplementary guidance on ISA 200 – Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing. The practice notes are still informative and helpful in terms of application of the international standards, and can be found here: https://www.issai.org/wp-content/uploads/2019/09/1d-Financial-Audit-Practice-Notes-Phase-1-_FINAL_-_2_-1.pdf ↩︎
2. 
    ISSAI 1200-1810 Financial Audit Practice Note was withdrawn from the INTOSAI framework. Please see the link in footnote 1. ↩︎
3. 
    ISSAI 30 was withdrawn from the INTOSAI framework, but can be found here: https://www.issai.org/wp-content/uploads/2019/08/Withdrawn-ISSAI-30-E.pdf ↩︎